<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>polkit</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.76.1">
<link rel="home" href="index.html" title="polkit Reference Manual">
<link rel="up" href="manpages.html" title="Part VI. Manual Pages">
<link rel="prev" href="manpages.html" title="Part VI. Manual Pages">
<link rel="next" href="polkitd.8.html" title="polkitd">
<meta name="generator" content="GTK-Doc V1.18 (XML mode)">
<link rel="stylesheet" href="style.css" type="text/css">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
<td><a accesskey="p" href="manpages.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
<td><a accesskey="u" href="manpages.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
<th width="100%" align="center">polkit Reference Manual</th>
<td><a accesskey="n" href="polkitd.8.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
</tr></table>
<div class="refentry">
<a name="polkit.8"></a><div class="titlepage"></div>
<div class="refnamediv"><table width="100%"><tr>
<td valign="top">
<h2><span class="refentrytitle">polkit</span></h2>
<p>polkit — Authorization Framework</p>
</td>
<td valign="top" align="right"></td>
</tr></table></div>
<div class="refsect1">
<a name="polkit-overview"></a><h2>OVERVIEW</h2>
<p>
      PolicyKit provides an authorization API intended to be used by
      privileged programs (<span class="quote">“<span class="quote">MECHANISMS</span>”</span>) offering service
      to unprivileged programs (<span class="quote">“<span class="quote">CLIENTS</span>”</span>) through some
      form of IPC mechanism such as D-Bus or Unix pipes. In this
      scenario, the mechanism typically treats the client as
      untrusted. For every request from a client, the mechanism needs
      to determine if the request is authorized or if it should refuse
      to service the client. Using the PolicyKit API, a mechanism can
      offload this decision to a trusted party: The PolicyKit
      Authority.
    </p>
<p>
      In addition to acting as an authority, PolicyKit allows users to
      obtain temporary authorization through authenticating either an
      administrative user or the owner of the session the client
      belongs to. This is useful for scenarios where a mechanism needs
      to verify that the operator of the system really is the user or
      really is an administrative user.
    </p>
</div>
<div class="refsect1">
<a name="polkit-system-architecture"></a><h2>SYSTEM ARCHITECTURE</h2>
<p>
      The system architecture of PolicyKit is comprised of
      the <span class="emphasis"><em>Authority</em></span> (implemented as a service on
      the system message bus) and a
      <span class="emphasis"><em>Authentication Agent</em></span> per user session
      (provided and started by the user session e.g. GNOME or KDE).
      Additionally, PolicyKit supports a number of extension points –
      specifically, vendors and/or sites can write extensions to
      completely control authorization policy. In a block diagram, the
      architecture looks like this:
    </p>
<div class="mediaobject">
<a name="polkit-architecture"></a><img src="polkit-architecture.png" longdesc="polkit-architecture.html"><div class="longdesc-link" align="right">
<br clear="all"><span class="longdesc-link">[<a href="polkit-architecture.html" target="longdesc">D</a>]</span>
</div>
</div>
<p>
      For convenience, the <code class="literal">libpolkit-gobject-1</code>
      library wraps the PolicyKit D-Bus API using GObject. However, a
      mechanism can also use the D-Bus API or the
      <span class="citerefentry"><span class="refentrytitle">pkcheck</span>(1)</span>
      command to check authorizations.
    </p>
<p>
      The <code class="literal">libpolkit-agent-1</code> library provides an
      abstraction of the native authentication system, e.g.
      <span class="citerefentry"><span class="refentrytitle">pam</span>(8)</span>
      and also facilities registration and communication with the
      PolicyKit D-Bus service.
    </p>
<p>
      PolicyKit extensions and authority backends are implemented
      using the
      <code class="literal">libpolkit-backend-1</code> library.
    </p>
<p>
      See the
      <a class="ulink" href="file:///usr/share/gtk-doc/html/polkit-1/index.html" target="_top">developer
      documentation</a> for more information about using and
      extending PolicyKit.
    </p>
<p>
      See
      <span class="citerefentry"><span class="refentrytitle">pklocalauthority</span>(8)</span>
      for information about the Local Authority - the default
      authority implementation shipped with PolicyKit.
    </p>
</div>
<div class="refsect1">
<a name="polkit-authentication-agents"></a><h2>AUTHENTICATION AGENTS</h2>
<p>
      An authentication agent is used to make the user of a session
      prove that the user of the session really is the user (by
      authenticating as the user) or an administrative user (by
      authenticating as a administrator). In order to integrate well
      with the rest of the user session (e.g. match the look and
      feel), authentication agents are meant to be provided by the
      user session that the user uses. For example, an authentication
      agent may look like this:
    </p>
<div class="mediaobject">
<a name="polkit-authentication-agent-example"></a><img src="polkit-authentication-agent-example.png" longdesc="polkit-authentication-agent-example.html"><div class="longdesc-link" align="right">
<br clear="all"><span class="longdesc-link">[<a href="polkit-authentication-agent-example.html" target="longdesc">D</a>]</span>
</div>
</div>
<p>
      If the system is configured without a <span class="emphasis"><em>root</em></span>
      account it may allow you to select the administrative user who
      is authenticating:
    </p>
<div class="mediaobject">
<a name="polkit-authentication-agent-example-wheel"></a><img src="polkit-authentication-agent-example-wheel.png" longdesc="polkit-authentication-agent-example-wheel.html"><div class="longdesc-link" align="right">
<br clear="all"><span class="longdesc-link">[<a href="polkit-authentication-agent-example-wheel.html" target="longdesc">D</a>]</span>
</div>
</div>
<p>
      See
      <span class="citerefentry"><span class="refentrytitle">pklocalauthority</span>(8)</span>
      on how to set up the local authority
      implemention for systems without a <code class="literal">root</code>
      account.
    </p>
<p>
      Applications that do not run under a desktop environment (for
      example, if launched from a
      <span class="citerefentry"><span class="refentrytitle">ssh</span>(1)</span>
      login) may not have have an authentication agent associated with
      them. Such applications may use the <a class="link" href="PolkitAgentTextListener.html#PolkitAgentTextListener-struct" title="PolkitAgentTextListener">PolkitAgentTextListener</a>
      type or the
      <span class="citerefentry"><span class="refentrytitle">pkttyagent</span>(1)</span>
      helper so the user can authenticate using a textual interface.
    </p>
</div>
<div class="refsect1">
<a name="polkit-declaring-actions"></a><h2>DECLARING ACTIONS</h2>
<p>
      A mechanism need to declare a set of <span class="quote">“<span class="quote">ACTIONS</span>”</span> in
      order to use PolicyKit. Actions correspond to operations that
      clients can request the mechanism to carry out and are defined
      in XML files that the mechanism installs into
      the <code class="filename">/usr/share/polkit-1/actions</code> directory.
    </p>
<p>
      PolicyKit actions are namespaced and can only contain the
      characters <code class="literal">[a-z][0-9].-</code> e.g. lower-case
      ASCII, digits, period and hyphen. Each XML file can contain more
      than one action but all actions need to be in the same namespace
      and the file needs to be named after the namespace and have the
      extension <code class="literal">.policy</code>.
    </p>
<p>
      The XML file must have the following doctype declaration
    </p>
<pre class="programlisting">
&lt;?xml version="1.0" encoding="UTF-8"?&gt;
&lt;!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd"&gt;
</pre>
<p>
      The <span class="emphasis"><em>policyconfig</em></span> element must be present
      exactly once. Elements that can be used
      inside <span class="emphasis"><em>policyconfig</em></span> includes:
    </p>
<div class="variablelist"><table border="0">
<col align="left" valign="top">
<tbody>
<tr>
<td><p><span class="term"><span class="emphasis"><em>vendor</em></span></span></p></td>
<td><p>The name of the project or vendor that is
            supplying the actions in the XML
            document. Optional.</p></td>
</tr>
<tr>
<td><p><span class="term"><span class="emphasis"><em>vendor_url</em></span></span></p></td>
<td><p>A URL to the project or vendor that is
        supplying the actions in the XML document.
        Optional.</p></td>
</tr>
<tr>
<td><p><span class="term"><span class="emphasis"><em>icon_name</em></span></span></p></td>
<td><p>An icon representing the project or vendor
        that is supplying the actions in the XML document. The icon
        name must adhere to
        the <a class="ulink" href="http://standards.freedesktop.org/icon-naming-spec/icon-naming-spec-latest.html" target="_top">Freedesktop.org
        Icon Naming Specification</a>. Optional.</p></td>
</tr>
<tr>
<td><p><span class="term"><span class="emphasis"><em>action</em></span></span></p></td>
<td><p>Declares an action. The action name is
        specified using the <code class="literal">id</code> attribute and can
        only contain the characters <code class="literal">[a-z][0-9].-</code>
        e.g. lower-case ASCII, digits, period and
        hyphen.</p></td>
</tr>
</tbody>
</table></div>
<p>
      Elements that can be used inside <span class="emphasis"><em>action</em></span> includes:
    </p>
<div class="variablelist"><table border="0">
<col align="left" valign="top">
<tbody>
<tr>
<td><p><span class="term"><span class="emphasis"><em>description</em></span></span></p></td>
<td><p>A human readable description of the action, e.g. <span class="quote">“<span class="quote">Install unsigned software</span>”</span>.</p></td>
</tr>
<tr>
<td><p><span class="term"><span class="emphasis"><em>message</em></span></span></p></td>
<td><p>A human readable message displayed to the user when asking for credentials when authentication is needed, e.g. <span class="quote">“<span class="quote">Installing unsigned software requires authentication</span>”</span>.</p></td>
</tr>
<tr>
<td><p><span class="term"><span class="emphasis"><em>defaults</em></span></span></p></td>
<td>
<p>This element is used to specify implicit authorizations for clients.</p>
<p>
            Elements that can be used inside <span class="emphasis"><em>defaults</em></span> includes:
          </p>
<div class="variablelist"><table border="0">
<col align="left" valign="top">
<tbody>
<tr>
<td><p><span class="term"><span class="emphasis"><em>allow_any</em></span></span></p></td>
<td><p>Implicit authorizations that apply to
              any client. Optional.</p></td>
</tr>
<tr>
<td><p><span class="term"><span class="emphasis"><em>allow_inactive</em></span></span></p></td>
<td><p>Implicit authorizations that apply to
              clients in inactive sessions on local
              consoles. Optional.</p></td>
</tr>
<tr>
<td><p><span class="term"><span class="emphasis"><em>allow_active</em></span></span></p></td>
<td><p>Implicit authorizations that apply to
              clients in active sessions on local
              consoles. Optional.</p></td>
</tr>
</tbody>
</table></div>
<p>
            Each of
            the <span class="emphasis"><em>allow_any</em></span>, <span class="emphasis"><em>allow_inactive</em></span>
            and <span class="emphasis"><em>allow_active</em></span> elements can contain
            the following values:
          </p>
<div class="variablelist"><table border="0">
<col align="left" valign="top">
<tbody>
<tr>
<td><p><span class="term"><code class="literal">no</code></span></p></td>
<td><p>Not authorized.</p></td>
</tr>
<tr>
<td><p><span class="term"><code class="literal">yes</code></span></p></td>
<td><p>Authorized.</p></td>
</tr>
<tr>
<td><p><span class="term"><code class="literal">auth_self</code></span></p></td>
<td><p>Authentication by the owner of the
              session that the client originates from is
              required.</p></td>
</tr>
<tr>
<td><p><span class="term"><code class="literal">auth_admin</code></span></p></td>
<td><p>Authentication by an administrative user
              is required.</p></td>
</tr>
<tr>
<td><p><span class="term"><code class="literal">auth_self_keep</code></span></p></td>
<td><p>Like <code class="literal">auth_self</code> but
              the authorization is kept for a brief
              period.</p></td>
</tr>
<tr>
<td><p><span class="term"><code class="literal">auth_admin_keep</code></span></p></td>
<td><p>Like <code class="literal">auth_admin</code> but the authorization is kept for a brief period.</p></td>
</tr>
</tbody>
</table></div>
</td>
</tr>
<tr>
<td><p><span class="term"><span class="emphasis"><em>annotate</em></span></span></p></td>
<td><p>Used for annotating an action with a key/value
        pair. The key is specified using the
        the <code class="literal">key</code> attribute and the value is
        specified using the <code class="literal">value</code> attribute. This
        element may appear zero or more times. See
            below for known annotations. </p></td>
</tr>
<tr>
<td><p><span class="term"><span class="emphasis"><em>vendor</em></span></span></p></td>
<td><p>Used for overriding the vendor on a per-action
        basis. Optional.</p></td>
</tr>
<tr>
<td><p><span class="term"><span class="emphasis"><em>vendor_url</em></span></span></p></td>
<td><p>Used for overriding the vendor URL on a
        per-action basis. Optional.</p></td>
</tr>
<tr>
<td><p><span class="term"><span class="emphasis"><em>icon_name</em></span></span></p></td>
<td><p>Used for overriding the icon name on a
        per-action basis. Optional.</p></td>
</tr>
</tbody>
</table></div>
<p>
      For localization, <span class="emphasis"><em>description</em></span>
      and <span class="emphasis"><em>message</em></span> elements may occur multiple
      times with different <code class="literal">xml:lang</code> attributes.
    </p>
<p>
      To list installed PolicyKit actions, use the
      <span class="citerefentry"><span class="refentrytitle">pkaction</span>(1)</span>
      command.
    </p>
<div class="refsect2">
<a name="id502198"></a><h3>Known annotations</h3>
<p>
      The <code class="literal">org.freedesktop.policykit.exec.path</code>
      annotation is used by the <span class="command"><strong>pkexec</strong></span> program
      shipped with PolicyKit - see the
      <span class="citerefentry"><span class="refentrytitle">pkexec</span>(1)</span>
      man page for details.
    </p>
<p>
      The <code class="literal">org.freedesktop.policykit.imply</code>
      annotation (its value is a string containing a space separated
      list of action identifiers) can be used to define <span class="emphasis"><em>meta
      actions</em></span>. The way it works is that if a subject is
      authorized for an action with this annotation, then it is also
      authorized for any action specified by the annotation. A typical
      use of this annotation is when defining an UI shell with a
      single lock button that should unlock multiple actions from
      distinct mechanisms.
    </p>
<p>
      The <code class="literal">org.freedesktop.policykit.owner</code>
      annotation can be used to define a set of users who can query
      whether a client is authorized to perform this action.  If this
      annotation is not specified then only root can query whether a
      client running as a different user is authorized for an action.
      The value of this annotation is a string containing a space
      separated list of <a class="link" href="PolkitIdentity.html#PolkitIdentity-struct" title="PolkitIdentity">PolkitIdentity</a> entries,
      for example <code class="literal">"unix-user:42 unix-user:colord"</code>.
      A typical use of this annotation is for a daemon process that
      runs as a system user rather than root.
    </p>
</div>
</div>
<div class="refsect1">
<a name="polkit-author"></a><h2>AUTHOR</h2>
<p>
      Written by David Zeuthen <code class="email">&lt;<a class="email" href="mailto:davidz@redhat.com">davidz@redhat.com</a>&gt;</code> with
      a lot of help from many others.
    </p>
</div>
<div class="refsect1">
<a name="polkit-bugs"></a><h2>BUGS</h2>
<p>
      Please send bug reports to either the distribution or the
      polkit-devel mailing list,
      see the link <a class="ulink" href="http://lists.freedesktop.org/mailman/listinfo/polkit-devel" target="_top">http://lists.freedesktop.org/mailman/listinfo/polkit-devel</a>
      on how to subscribe.
    </p>
</div>
<div class="refsect1">
<a name="polkit-see-also"></a><h2>SEE ALSO</h2>
<p>
      <span class="citerefentry"><span class="refentrytitle">pklocalauthority</span>(8)</span>
      <span class="citerefentry"><span class="refentrytitle">polkitd</span>(8)</span>
      <span class="citerefentry"><span class="refentrytitle">pkaction</span>(1)</span>,
      <span class="citerefentry"><span class="refentrytitle">pkcheck</span>(1)</span>,
      <span class="citerefentry"><span class="refentrytitle">pkexec</span>(1)</span>,
      <span class="citerefentry"><span class="refentrytitle">pkttyagent</span>(1)</span>
    </p>
</div>
</div>
<div class="footer">
<hr>
          Generated by GTK-Doc V1.18</div>
</body>
</html>